IETF Logo Mail Archive

Re: [Tm-rid] HHIT trust proof for Auth messages

"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Tue, 01 October 2019 16:12 UTC

Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E90E120885 for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 09:12:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N2rUf5APptqQ for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 09:12:44 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94209120970 for <tm-rid@ietf.org>; Tue, 1 Oct 2019 09:12:44 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id o12so22333494qtf.3 for <tm-rid@ietf.org>; Tue, 01 Oct 2019 09:12:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=chxVxuP4Krt+TEmy0IDlN3g1YO4GiqIg2vIehVp1xIo=; b=okYc1ml+8n+LSPWj32N7gIPiI0ViWPaJNAEFEQaccgzmhya/20A4Lay1VzSAm7oKTd UuPs0n+0TSd5G6Orm7hbzAL+qGRWtOGpJZLtTLLiIRxQgV9KHHtpgyXZw44qBR0NxzHM 2+SmAtK8a6DXis7mxr2LPxCkIrMqKp64/OXAM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=chxVxuP4Krt+TEmy0IDlN3g1YO4GiqIg2vIehVp1xIo=; b=M2ihprCa21p4GahQpOx2bEt/XG8sadFyObync2q2xutTUluzgmMt82mZcRSl5oHJ8m ZnV9UpEBZGsSmGZQK4nDWchIt8T1UxjwBEPjwbeIIuvnxEBc6fT+/3zdkP0JN0cpzCu4 J/vWSxHENwyJ6WLPmQlRhIbanh0shUrVkL5SeDWu6krZBTGSiMiIUD85aMOAGpepE0Mj GlfWMWycMLyzcgh3edm99DXRLrmpRYKIUiwGptQ6AyJFCssMeKllArkcz6V01dD8ToiH O8mlovoE6F4oUXWfmBWVntDeFnh5FCj7Dvgv9TRIhTvcwVVwCsT8UBJSyv/d3oDlUyMn l1tg==
X-Gm-Message-State: APjAAAVGalsu04E7N7naWRv93NwLzfDAYTDx8zH3N+xbTbm2qY5uOItj Yf8DIKOvF8qVVPE3+LTiVHhzcTUrX1K8sN1/+/RS6AY=
X-Google-Smtp-Source: APXvYqw7FR62ckjduwrGnYxKoZX/QTifaFpPy4O8MVxIdGBGUd1J6qSapQJCLRNPybX8coTFWG4z4Xp+kAWdOI/dRP0=
X-Received: by 2002:ac8:7401:: with SMTP id p1mr30830732qtq.141.1569946363427; Tue, 01 Oct 2019 09:12:43 -0700 (PDT)
MIME-Version: 1.0
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com>
In-Reply-To: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Tue, 01 Oct 2019 12:12:28 -0400
Message-ID: <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
Content-Type: multipart/mixed; boundary="0000000000004f30a50593db9fb1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/mwos_05gaziFpA3M8btG4_mWSCs>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 16:12:47 -0000

All,

Attached is a mock up of what Bob has here just in the new 0.8 version of
the authentication message.

There is a 23 byte payload limit or 25 bytes if we remove the reserved
bytes and condense. I am unwilling to do this though as then the HHIT or
Trust Timestamp fields would be fragmented across pages. Its already bad
enough that the Trusted Timestamp and standard Timestamp fragment across
the 32 bit boundary (within a page) and worse the signature across 3 whole
pages already. While in practice this probably wouldn't affect much it
makes it harder to understand/read I think.

My concern, is that we are broadcasting over Bluetooth. There are 5 pages
to the authentication message (from my understanding of the new standard).
If we lose any one page it is most likely going to be a signature page (as
it spans 3 whole pages) and there will be no way to achieve that which this
format is intended for without the full signature. Perhaps the payload
section that Bob marked in (and fills the final page of the authentication
message) should be some sort of error correction on the signature?

The second version I think is unattainable in the new format, unless
someone here can defy the laws of physics and make numbers smaller than
they actually are thus allowing more to fit within the 109 byte constrain
of the message format.

Questions, comments, concerns?

On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz <rgm@labs.htt-consult.com>
wrote:

> And here is something I have been working on as condensed proof of HHIT
> ownership objects that can be put into the auth messages.  I have not
> done that yet, like Adam has:
>
>      <figure>
>          <artwork>
>     0                   1 2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    | HHIT                              |
> |                                                               |
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    | TIMESTAMP                          |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    | HHIT                              |
>    | SIG                              |
> .                                                               .
> .                                                               .
> .                                                               .
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    / PAYLOAD                            /
> /                                                               /
>    / +-------------------------------+
>    / |                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>    HHIT           16 byte HHIT of EdDSA25519 HI
>    TIMESTAMP      4 byte packet trust until timestamp
>    HHIT SIG       64 byte Signature of whole packet
>    PAYLOAD        0 to n bytes of payload
>        Length     84 + n bytes
>          </artwork>
>      </figure>
>      <figure>
>          <artwork>
>     0                   1 2                   3
>     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    |                            DEV HHIT                           |
> |                                                               |
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    | TIMESTAMP                          |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    |                            DEV HHIT                           |
>    | SIG                              |
> .                                                               .
> .                                                               .
> .                                                               .
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    |                              DEV HI                           |
> |                                                               |
> |                                                               |
> |                                                               |
> |                                                               |
> |                                                               |
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    |                         AUTH TIMESTAMP                        |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    |                           AUTH HHIT                           |
> |                                                               |
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
>    | AUTH                               |
>    | SIG                              |
> .                                                               .
> .                                                               .
> .                                                               .
> |                                                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>    / PAYLOAD                            /
> /                                                               /
>    / +-------------------------------+
>    / |                               |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>    DEV HHIT       16 byte Dev HHIT of EdDSA25519 HI
>    TIMESTAMP      4 byte packet trust until timestamp
>    DEV HHIT SIG   64 byte Signature of whole packet
>    DEV HI         32 byte Device HI of EdDSA25519 HI
>    AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp
>    AUTH HHIT      16 byte Authorizer's HHIT of EdDSA25519 HI
>    AUTH SIG       64 byte Signature of Device HHIT-HI
>    PAYLOAD        0 to n bytes of payload
>        Length    200 + n bytes
>          </artwork>
>      </figure>
>
>    |             Type              | Length            |
>
> --
> Tm-rid mailing list
> Tm-rid@ietf.org
> https://www.ietf.org/mailman/listinfo/tm-rid
>


-- 
73's,
Adam T. Wiethuechter

v2.23.0 | Report a Bug | By Email